# frozen_string_literal: true

# A note on the root of an issue, merge request, commit, or snippet.
#
# A note of this type is never resolvable.
class Note < ApplicationRecord
  extend ActiveModel::Naming
  extend Gitlab::Utils::Override

  include Gitlab::Utils::StrongMemoize
  include Participable
  include Mentionable
  include Awardable
  include Importable
  include FasterCacheKeys
  include Redactable
  include CacheMarkdownField
  include AfterCommitQueue
  include ResolvableNote
  include Editable
  include Gitlab::SQL::Pattern
  include ThrottledTouch
  include FromUnion
  include Sortable
  include EachBatch
  include IgnorableColumns
  include Spammable

  ignore_column :id_convert_to_bigint, remove_with: '16.3', remove_after: '2023-08-22'

  ISSUE_TASK_SYSTEM_NOTE_PATTERN = /\A.*marked\sthe\stask.+as\s(completed|incomplete).*\z/.freeze

  cache_markdown_field :note, pipeline: :note, issuable_reference_expansion_enabled: true

  redact_field :note

  TYPES_RESTRICTED_BY_PROJECT_ABILITY = {
    branch: :download_code
  }.freeze

  TYPES_RESTRICTED_BY_GROUP_ABILITY = {
    contact: :read_crm_contact
  }.freeze

  NON_DIFF_NOTE_TYPES = ['Note', 'DiscussionNote', nil].freeze

  # Aliases to make application_helper#edited_time_ago_with_tooltip helper work properly with notes.
  # See https://gitlab.com/gitlab-org/gitlab-foss/merge_requests/10392/diffs#note_28719102
  alias_attribute :last_edited_by, :updated_by

  # Attribute containing rendered and redacted Markdown as generated by
  # Banzai::ObjectRenderer.
  attr_accessor :redacted_note_html

  # Total of all references as generated by Banzai::ObjectRenderer
  attr_accessor :total_reference_count

  # Number of user visible references as generated by Banzai::ObjectRenderer
  attr_accessor :user_visible_reference_count

  # Attribute used to store the attributes that have been changed by quick actions.
  attr_writer :commands_changes

  # Attribute used to store the quick action command names.
  attr_accessor :command_names

  # Attribute used to determine whether keep_around_commits will be skipped for diff notes.
  attr_accessor :skip_keep_around_commits

  attribute :system, default: false

  attr_spammable :note, spam_description: true

  attr_mentionable :note, pipeline: :note
  participant :author

  belongs_to :project
  belongs_to :noteable, polymorphic: true # rubocop:disable Cop/PolymorphicAssociations
  belongs_to :author, class_name: "User"
  belongs_to :updated_by, class_name: "User"
  belongs_to :last_edited_by, class_name: 'User'
  belongs_to :review, inverse_of: :notes

  has_many :todos

  # The delete_all definition is required here in order
  # to generate the correct DELETE sql for
  # suggestions.delete_all calls
  has_many :suggestions, -> { order(:relative_order) },
    inverse_of: :note, dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
  has_many :events, as: :target, dependent: :delete_all # rubocop:disable Cop/ActiveRecordDependent
  has_one :system_note_metadata
  has_one :note_metadata, inverse_of: :note, class_name: 'Notes::NoteMetadata'
  has_one :note_diff_file, inverse_of: :diff_note, foreign_key: :diff_note_id
  has_many :diff_note_positions

  delegate :gfm_reference, :local_reference, to: :noteable
  delegate :name, to: :project, prefix: true
  delegate :name, :email, to: :author, prefix: true
  delegate :title, to: :noteable, allow_nil: true

  accepts_nested_attributes_for :note_metadata

  validates :note, presence: true
  validates :note, length: { maximum: Gitlab::Database::MAX_TEXT_SIZE_LIMIT }
  validates :project, presence: true, if: :for_project_noteable?

  # Attachments are deprecated and are handled by Markdown uploader
  validates :attachment, file_size: { maximum: :max_attachment_size }

  validates :noteable_type, presence: true
  validates :noteable_id, presence: true, unless: [:for_commit?, :importing?]
  validates :commit_id, presence: true, if: :for_commit?
  validates :author, presence: true
  validates :discussion_id, presence: true, format: { with: /\A\h{40}\z/ }

  validate :ensure_confidentiality_discussion_compliance
  validate :ensure_noteable_can_have_confidential_note
  validate :ensure_note_type_can_be_confidential
  validate :ensure_confidentiality_not_changed, on: :update

  validate unless: [:for_commit?, :importing?, :skip_project_check?] do |note|
    unless note.noteable.try(:project) == note.project
      errors.add(:project, 'does not match noteable project')
    end
  end

  validate :does_not_exceed_notes_limit?, on: :create, unless: [:system?, :importing?]
  validate :validate_created_after

  # @deprecated attachments are handled by the Upload model.
  #
  # https://gitlab.com/gitlab-org/gitlab/-/issues/20830
  mount_uploader :attachment, AttachmentUploader

  # Scopes
  scope :for_commit_id, ->(commit_id) { where(noteable_type: "Commit", commit_id: commit_id) }
  scope :system, -> { where(system: true) }
  scope :user, -> { where(system: false) }
  scope :not_internal, -> { where(internal: false) }
  scope :common, -> { where(noteable_type: ["", nil]) }
  scope :fresh, -> { order_created_asc.with_order_id_asc }
  scope :updated_after, ->(time) { where('updated_at > ?', time) }
  scope :with_discussion_ids, ->(discussion_ids) { where(discussion_id: discussion_ids) }
  scope :with_suggestions, -> { joins(:suggestions) }
  scope :inc_author, -> { includes(:author) }
  scope :authored_by, ->(user) { where(author: user) }
  scope :inc_note_diff_file, -> { includes(:note_diff_file) }
  scope :with_api_entity_associations, -> { preload(:note_diff_file, :author) }
  scope :inc_relations_for_view, ->(noteable = nil) do
    relations = [{ project: :group }, { author: :status }, :updated_by, :resolved_by,
      :award_emoji, :note_metadata, { system_note_metadata: :description_version }, :suggestions]

    if noteable.nil? || DiffNote.noteable_types.include?(noteable.class.name)
      relations += [:note_diff_file, :diff_note_positions]
    end

    includes(relations)
  end

  scope :with_notes_filter, -> (notes_filter) do
    case notes_filter
    when UserPreference::NOTES_FILTERS[:only_comments]
      user
    when UserPreference::NOTES_FILTERS[:only_activity]
      system
    else
      all
    end
  end

  scope :diff_notes, -> { where(type: %w(LegacyDiffNote DiffNote)) }
  scope :new_diff_notes, -> { where(type: 'DiffNote') }
  scope :non_diff_notes, -> { where(type: NON_DIFF_NOTE_TYPES) }

  scope :with_associations, -> do
    # FYI noteable cannot be loaded for LegacyDiffNote for commits
    includes(
      :author, :noteable, :updated_by,
      project: [:project_members, :namespace, { group: [:group_members] }]
    )
  end
  scope :with_metadata, -> { includes(:system_note_metadata) }

  scope :without_hidden, -> {
    if Feature.enabled?(:hidden_notes)
      where_not_exists(Users::BannedUser.where('notes.author_id = banned_users.user_id'))
    else
      all
    end
  }

  scope :for_note_or_capitalized_note, ->(text) { where(note: [text, text.capitalize]) }
  scope :like_note_or_capitalized_note, ->(text) { where('(note LIKE ? OR note LIKE ?)', text, text.capitalize) }

  before_validation :nullify_blank_type, :nullify_blank_line_code
  # Syncs `confidential` with `internal` as we rename the column.
  # https://gitlab.com/gitlab-org/gitlab/-/issues/367923
  before_create :set_internal_flag
  after_save :keep_around_commit, if: :for_project_noteable?, unless: -> { importing? || skip_keep_around_commits }
  after_save :touch_noteable, unless: :importing?
  after_commit :notify_after_create, on: :create
  after_commit :notify_after_destroy, on: :destroy

  after_commit :trigger_note_subscription_create, on: :create
  after_commit :trigger_note_subscription_update, on: :update
  after_commit :trigger_note_subscription_destroy, on: :destroy
  after_commit :expire_etag_cache, unless: :importing?

  def trigger_note_subscription_create
    return unless trigger_note_subscription?

    GraphqlTriggers.work_item_note_created(noteable.to_work_item_global_id, self)
  end

  def trigger_note_subscription_update
    return unless trigger_note_subscription?

    GraphqlTriggers.work_item_note_updated(noteable.to_work_item_global_id, self)
  end

  def trigger_note_subscription_destroy
    return unless trigger_note_subscription?

    # when deleting a note, we cannot pass it on as a Note instance, as GitlabSchema.object_from_id
    # would try to resolve the given Note and fetch it from DB which would raise NotFound exception.
    # So instead we just pass over the string representations of the note and discussion IDs,
    # so that the subscriber can identify the discussion and the note.
    deleted_note_data = {
      id: self.id,
      model_name: self.class.name,
      discussion_id: self.discussion_id,
      last_discussion_note: discussion.notes == [self]
    }

    GraphqlTriggers.work_item_note_deleted(noteable.to_work_item_global_id, deleted_note_data)
  end

  class << self
    extend Gitlab::Utils::Override

    def model_name
      ActiveModel::Name.new(self, nil, 'note')
    end

    def discussions(context_noteable = nil)
      Discussion.build_collection(all.includes(:noteable).fresh, context_noteable)
    end

    # Note: Where possible consider using Discussion#lazy_find to return
    # Discussions in order to benefit from having records batch loaded.
    def find_discussion(discussion_id)
      notes = where(discussion_id: discussion_id).fresh.to_a

      return if notes.empty?

      Discussion.build(notes)
    end

    # Group diff discussions by line code or file path.
    # It is not needed to group by line code when comment is
    # on an image.
    def grouped_diff_discussions(diff_refs = nil)
      groups = {}

      diff_notes.fresh.discussions.each do |discussion|
        group_key =
          if discussion.on_image?
            discussion.file_new_path
          else
            discussion.line_code_in_diffs(diff_refs)
          end

        if group_key
          discussions = groups[group_key] ||= []
          discussions << discussion
        end
      end

      groups
    end

    def positions
      where.not(position: nil)
        .select(:id, :type, :position) # ActiveRecord needs id and type for typecasting.
        .map(&:position)
    end

    def count_for_collection(ids, type, count_column = 'COUNT(*) as count')
      user.select(:noteable_id, count_column)
        .group(:noteable_id)
        .where(noteable_type: type, noteable_id: ids)
    end

    def search(query)
      fuzzy_search(query, [:note])
    end

    # Override the `Sortable` module's `.simple_sorts` to remove name sorting,
    # as a `Note` does not have any property that correlates to a "name".
    override :simple_sorts
    def simple_sorts
      super.except('name_asc', 'name_desc')
    end

    def cherry_picked_merge_requests(shas)
      where(noteable_type: 'MergeRequest', commit_id: shas).select(:noteable_id)
    end

    def with_web_entity_associations
      preload(:project, :author, :noteable)
    end
  end

  # rubocop: disable CodeReuse/ServiceClass
  def system_note_with_references?
    return unless system?

    if force_cross_reference_regex_check?
      matches_cross_reference_regex?
    else
      ::SystemNotes::IssuablesService.cross_reference?(note)
    end
  end
  # rubocop: enable CodeReuse/ServiceClass

  def diff_note?
    false
  end

  def active?
    true
  end

  def max_attachment_size
    Gitlab::CurrentSettings.max_attachment_size.megabytes.to_i
  end

  def hook_attrs
    Gitlab::HookData::NoteBuilder.new(self).build
  end

  def supports_suggestion?
    false
  end

  def for_commit?
    noteable_type == "Commit"
  end

  def for_issue?
    noteable_type == "Issue"
  end

  def for_work_item?
    noteable.is_a?(WorkItem)
  end

  def for_merge_request?
    noteable_type == "MergeRequest"
  end

  def for_snippet?
    noteable_type == "Snippet"
  end

  def for_alert_mangement_alert?
    noteable_type == 'AlertManagement::Alert'
  end

  def for_vulnerability?
    noteable_type == "Vulnerability"
  end

  def for_project_snippet?
    noteable.is_a?(ProjectSnippet)
  end

  def for_personal_snippet?
    noteable.is_a?(PersonalSnippet)
  end

  def for_project_noteable?
    !for_personal_snippet?
  end

  def for_design?
    noteable_type == DesignManagement::Design.name
  end

  def for_issuable?
    for_issue? || for_merge_request?
  end

  def skip_project_check?
    !for_project_noteable?
  end

  def commit
    @commit ||= project.commit(commit_id) if commit_id.present?
  end

  # Notes on merge requests and commits can be traced back to one or several
  # MRs. This method returns a relation if the note is for one of these types,
  # or nil if it is a note on some other object.
  def merge_requests
    if for_commit?
      project.merge_requests.by_commit_sha(commit_id)
    elsif for_merge_request?
      MergeRequest.id_in(noteable_id)
    end
  end

  # override to return commits, which are not active record
  def noteable
    return commit if for_commit?

    super
  rescue StandardError
    # Temp fix to prevent app crash
    # if note commit id doesn't exist
    nil
  end

  # FIXME: Hack for polymorphic associations with STI
  #        For more information visit http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html#label-Polymorphic+Associations
  def noteable_type=(noteable_type)
    super(noteable_type.to_s.classify.constantize.base_class.to_s)
  end

  def contributor?
    project&.team&.contributor?(self.author_id)
  end

  def human_max_access
    project&.team&.human_max_access(self.author_id)
  end

  def noteable_author?(noteable)
    noteable.author == self.author
  end

  def project_name
    project&.name
  end

  def confidential?(include_noteable: false)
    return true if confidential

    include_noteable && noteable.try(:confidential?)
  end

  def editable?
    !system?
  end

  # We used `last_edited_at` as an alias of `updated_at` before.
  # This makes it compatible with the previous way without data migration.
  def last_edited_at
    super || updated_at
  end

  # Since we used `updated_at` as `last_edited_at`, it could be touched by transforming / resolving a note.
  # This makes sure it is only marked as edited when the note body is updated.
  def edited?
    return false if updated_by.blank?

    super
  end

  def award_emoji?
    can_be_award_emoji? && contains_emoji_only?
  end

  def emoji_awardable?
    !system?
  end

  def can_be_award_emoji?
    noteable.is_a?(Awardable) && !part_of_discussion?
  end

  def contains_emoji_only?
    note =~ /\A#{Banzai::Filter::EmojiFilter.emoji_pattern}\s?\Z/
  end

  def noteable_ability_name
    if for_snippet?
      'snippet'
    elsif for_alert_mangement_alert?
      'alert_management_alert'
    elsif for_vulnerability?
      'security_resource'
    else
      noteable_type.demodulize.underscore
    end
  end

  def can_be_discussion_note?
    self.noteable.supports_discussions? && !part_of_discussion? && !system?
  end

  def can_create_todo?
    # Skip system notes, and notes on snippets
    !system? && !for_snippet?
  end

  def discussion_class(noteable = nil)
    # When commit notes are rendered on an MR's Discussion page, they are
    # displayed in one discussion instead of individually.
    # See also `#discussion_id` and `Discussion.override_discussion_id`.
    if noteable && noteable != self.noteable
      OutOfContextDiscussion
    else
      IndividualNoteDiscussion
    end
  end

  # See `Discussion.override_discussion_id` for details.
  def discussion_id(noteable = nil)
    discussion_class(noteable).override_discussion_id(self) || super() || ensure_discussion_id
  end

  # Returns a discussion containing just this note.
  # This method exists as an alternative to `#discussion` to use when the methods
  # we intend to call on the Discussion object don't require it to have all of its notes,
  # and just depend on the first note or the type of discussion. This saves us a DB query.
  def to_discussion(noteable = nil)
    Discussion.build([self], noteable)
  end

  # Returns the entire discussion this note is part of.
  # Consider using `#to_discussion` if we do not need to render the discussion
  # and all its notes and if we don't care about the discussion's resolvability status.
  def discussion
    strong_memoize(:discussion) do
      full_discussion = self.noteable.notes.find_discussion(self.discussion_id) if self.noteable && part_of_discussion?
      full_discussion || to_discussion
    end
  end

  def start_of_discussion?
    discussion.first_note == self
  end

  def part_of_discussion?
    !to_discussion.individual_note?
  end

  def in_reply_to?(other)
    case other
    when Note
      if part_of_discussion?
        in_reply_to?(other.noteable) && in_reply_to?(other.to_discussion)
      else
        in_reply_to?(other.noteable)
      end
    when Discussion
      self.discussion_id == other.id
    when Noteable
      self.noteable == other
    else
      false
    end
  end

  def references
    refs = [noteable]

    if part_of_discussion?
      refs += discussion.notes.take_while { |n| n.id < id }
    end

    refs
  end

  def bump_updated_at
    # Instead of calling touch which is throttled via ThrottledTouch concern,
    # we bump the updated_at column directly. This also prevents executing
    # after_commit callbacks that we don't need.
    attributes_to_update = { updated_at: Time.current }

    # Notes that were edited before the `last_edited_at` column was added, fall back to `updated_at` for the edit time.
    # We copy this over to the correct column so we don't erroneously change the edit timestamp.
    if updated_by_id.present? && read_attribute(:last_edited_at).blank?
      attributes_to_update[:last_edited_at] = updated_at
    end

    update_columns(attributes_to_update)
  end

  def expire_etag_cache
    noteable&.expire_note_etag_cache
  end

  def touch(*args, **kwargs)
    # We're not using an explicit transaction here because this would in all
    # cases result in all future queries going to the primary, even if no writes
    # are performed.
    #
    # We touch the noteable first so its SELECT query can run before our writes,
    # ensuring it runs on a secondary (if no prior write took place).
    touch_noteable
    super
  end

  # By default Rails will issue an "SELECT *" for the relation, which is
  # overkill for just updating the timestamps. To work around this we manually
  # touch the data so we can SELECT only the columns we need.
  def touch_noteable
    # Commits are not stored in the DB so we can't touch them.
    return if for_commit?

    assoc = association(:noteable)

    noteable_object =
      if assoc.loaded?
        noteable
      else
        # If the object is not loaded (e.g. when notes are loaded async) we
        # _only_ want the data we actually need.
        assoc.scope.select(:id, :updated_at).take
      end

    noteable_object&.touch

    # We return the noteable object so we can re-use it in EE for Elasticsearch.
    noteable_object
  end

  def notify_after_create
    noteable&.after_note_created(self)
  end

  def notify_after_destroy
    noteable&.after_note_destroyed(self)
  end

  def banzai_render_context(field)
    super.merge(noteable: noteable, system_note: system?, label_url_method: noteable_label_url_method)
  end

  def retrieve_upload(_identifier, paths)
    Upload.find_by(model: self, path: paths)
  end

  def resource_parent
    project
  end

  def user_mentions
    return Note.none unless noteable.present?

    noteable.user_mentions.where(note: self)
  end

  def system_note_visible_for?(user)
    return true unless system?

    system_note_viewable_by?(user) && all_referenced_mentionables_allowed?(user)
  end

  def parent_user
    noteable.author if for_personal_snippet?
  end

  def skip_notification?
    review.present? || !author.can_trigger_notifications?
  end

  def post_processed_cache_key
    cache_key_items = [cache_key, author&.cache_key]
    cache_key_items << project.team.human_max_access(author&.id) if author.present?
    cache_key_items << Digest::SHA1.hexdigest(redacted_note_html) if redacted_note_html.present?

    cache_key_items.join(':')
  end

  override :user_mention_class
  def user_mention_class
    return if noteable.blank?

    noteable.user_mention_class
  end

  override :user_mention_identifier
  def user_mention_identifier
    return if noteable.blank?

    noteable.user_mention_identifier.merge({
      note_id: id
    })
  end

  def show_outdated_changes?
    return false unless for_merge_request?
    return false unless system?
    return false if change_position&.on_file?
    return false unless change_position&.line_range

    change_position.line_range["end"] || change_position.line_range["start"]
  end

  def commands_changes
    @commands_changes&.slice(
      :due_date,
      :label_ids,
      :remove_label_ids,
      :add_label_ids,
      :canonical_issue_id,
      :clone_with_notes,
      :confidential,
      :create_merge_request,
      :add_contacts,
      :remove_contacts,
      :assignee_ids,
      :milestone_id,
      :time_estimate,
      :spend_time,
      :discussion_locked,
      :merge,
      :rebase,
      :wip_event,
      :target_branch,
      :reviewer_ids,
      :health_status,
      :promote_to_epic,
      :weight,
      :emoji_award,
      :todo_event,
      :subscription_event,
      :state_event,
      :title,
      :tag_message,
      :tag_name
    )
  end

  def mentioned_users(current_user = nil)
    users = super

    return users unless confidential?

    Ability.users_that_can_read_internal_notes(users, resource_parent)
  end

  def mentioned_filtered_user_ids_for(references)
    return super unless confidential?

    user_ids = references.mentioned_user_ids.presence

    return [] if user_ids.blank?

    users = User.where(id: user_ids)
    Ability.users_that_can_read_internal_notes(users, resource_parent).pluck(:id)
  end

  # Method necessary while we transition into the new format for task system notes
  # TODO: https://gitlab.com/gitlab-org/gitlab/-/issues/369923
  def note
    return super unless system? && for_issue? && super&.match?(ISSUE_TASK_SYSTEM_NOTE_PATTERN)

    super.sub!('task', 'checklist item')
  end

  # Method necesary while we transition into the new format for task system notes
  # TODO: https://gitlab.com/gitlab-org/gitlab/-/issues/369923
  def note_html
    return super unless system? && for_issue? && super&.match?(ISSUE_TASK_SYSTEM_NOTE_PATTERN)

    super.sub!('task', 'checklist item')
  end

  def issuable_ability_name
    confidential? ? :read_internal_note : :read_note
  end

  def exportable_record?(user)
    return true unless system?

    readable_by?(user)
  end

  # Override method defined in Spammable
  # Wildcard argument because user: argument is not used
  def check_for_spam?(*)
    return false if system? || !spammable_attribute_changed? || confidential?
    return false if noteable.try(:confidential?) == true || noteable.try(:public?) == false
    return false if noteable.try(:group)&.public? == false || project&.public? == false

    true
  end

  # Use attributes.keys instead of attribute_names to filter out the fields that are skipped during export:
  #
  # - note_html
  # - cached_markdown_version
  def attribute_names_for_serialization
    attributes.keys
  end

  private

  def trigger_note_subscription?
    for_issue? && noteable
  end

  def system_note_viewable_by?(user)
    return true unless system_note_metadata

    system_note_viewable_by_project_ability?(user) && system_note_viewable_by_group_ability?(user)
  end

  def system_note_viewable_by_project_ability?(user)
    project_restriction = TYPES_RESTRICTED_BY_PROJECT_ABILITY[system_note_metadata.action.to_sym]
    !project_restriction || Ability.allowed?(user, project_restriction, project)
  end

  def system_note_viewable_by_group_ability?(user)
    group_restriction = TYPES_RESTRICTED_BY_GROUP_ABILITY[system_note_metadata.action.to_sym]
    !group_restriction || Ability.allowed?(user, group_restriction, project&.group)
  end

  def keep_around_commit
    project.repository.keep_around(self.commit_id)
  end

  def nullify_blank_type
    self.type = nil if self.type.blank?
  end

  def nullify_blank_line_code
    self.line_code = nil if self.line_code.blank?
  end

  def ensure_discussion_id
    return if self.attribute_present?(:discussion_id)

    self.discussion_id = derive_discussion_id
  end

  def derive_discussion_id
    discussion_class.discussion_id(self)
  end

  def all_referenced_mentionables_allowed?(user)
    return true unless system_note_with_references?

    if user_visible_reference_count.present? && total_reference_count.present?
      # if they are not equal, then there are private/confidential references as well
      total_reference_count == 0 ||
        user_visible_reference_count > 0 && user_visible_reference_count == total_reference_count
    else
      refs = all_references(user)
      refs.all

      refs.all_visible?
    end
  end

  def force_cross_reference_regex_check?
    return unless system?

    system_note_metadata&.cross_reference_types&.include?(system_note_metadata&.action)
  end

  def does_not_exceed_notes_limit?
    return unless noteable

    errors.add(:base, _('Maximum number of comments exceeded')) if noteable.notes.count >= Noteable::MAX_NOTES_LIMIT
  end

  def validate_created_after
    return unless created_at
    return if created_at >= '1970-01-01'

    errors.add(:created_at, s_('Note|The created date provided is too far in the past.'))
  end

  def noteable_label_url_method
    for_merge_request? ? :project_merge_requests_url : :project_issues_url
  end

  def ensure_confidentiality_not_changed
    return unless will_save_change_to_attribute?(:confidential)
    return unless attribute_change_to_be_saved(:confidential).include?(true)

    errors.add(:confidential, _('can not be changed for existing notes'))
  end

  def ensure_confidentiality_discussion_compliance
    return if start_of_discussion?

    if discussion.first_note.confidential? != confidential?
      errors.add(:confidential, _('reply should have same confidentiality as top-level note'))
    end

  ensure
    clear_memoization(:discussion)
  end

  def ensure_noteable_can_have_confidential_note
    return unless confidential?
    return if noteable_can_have_confidential_note?

    errors.add(:confidential, _('can not be set for this resource'))
  end

  def ensure_note_type_can_be_confidential
    return unless confidential?
    return if NON_DIFF_NOTE_TYPES.include?(type)

    errors.add(:confidential, _('can not be set for this type of note'))
  end

  def noteable_can_have_confidential_note?
    for_issue?
  end

  def set_internal_flag
    self.internal = confidential if confidential
  end
end

Note.prepend_mod_with('Note')
